Collection of npm package manager Security Best Practices
Updated May 21, 2026
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
Script to verify whether Mini-Shai Hulud (Team PCP), Shai Hulud and Sha1-Hulud-like NPM packages are affecting your NPM build; see https://phoenix.security/shai-hulud-second-coming-npms-biggest-supply-chain-breach/
Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.
A CLI security scanner that detects GitHub accounts compromised by the “Sha1-Hulud: The Second Coming” npm supply-chain worm.
🪱 NPM Worm Defense Guide: Detection, remediation & prevention for Shai-Hulud 2.0 and beyond!
🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting
A Node.js utility to scan projects for compromised npm packages by checking against the latest list from Wiz Security's research repository for the recent shai-hulud-2 security breach.
Security scanner that checks npm dependencies for Shai Hulud-compromised packages. Scans all direct and transitive dependencies against 689+ known compromised packages.
Scan a directory tree for npm packages compromised in a supply-chain incident, given a CSV of affected packages. Great for detecting Shai-Hulud worm infestation.
🛡️ Detect Shai Hulud npm-worm compromises in GitHub users and organizations with this easy-to-use CLI tool, protecting your code from malicious attacks.
🔍 Automated GitHub scanner to detect Sha1-Hulud project repositories across organization members. Fetches org members, scans for specific repos, and sends Slack notifications when found.
🛡️ Protect your npm supply chain with clear guidance on detection and remediation against threats like supply-chain worms.
🚨 Detect compromised npm packages from the SHA1-HULUD pt 2 attack with a multi-package manager scanner supporting npm, yarn, bun, and pnpm.